Sidecar not generating collector yml files

Newbie here following the step-by-step guide for 3.0 configuration. Everything has installed smoothly to this point.

Graylog is running on a Debian 9 VM.
Sidecar is being installed on the Windows 10 workstation that is hosting the VM. This is for testing/learning.

I have created an input and the sidecar is visible as well within Graylog. However, the collector status says “There are no collectors configured in this sidecar”.

From my understanding, when setting up the sidecar in Windows the “generated” folder should be populated with filebeat and winlogbeat yml files. This is not happening and so the Graylog server isn’t able to manage the collectors.

The only changes I have made that deviate from the tutorial are that I have set tls_skip_verify to true since I am not running this yet.

A few points of confusion in the step-by-step guide: when creating the Beats input it says “start a global Beats input…”, however the image shows the global box unchecked.

A few steps later when navigating to the configuration page the image shows four Log Collectors already visible. This is where my setup deviates and shows nothing under Log Collectors.

I’m not sure where the disconnect is between the workstation and the server considering some things are visible. Research online suggests that the issue has to do with tags; however, these seem to have gone to the wayside in 3.0.

Any suggestions? Thanks!

This was solved… sort of.

A colleague replicated my installation on Ubuntu instead of Debian (not sure if that matters) and was shown the default collector configurations in his installation. I copied the settings into my installation and restarted everything and it all worked.

For anyone else that ends up here these were the default settings:

  • Name: winlogbeat
  • Process management: Windows service
  • Operating System: Windows
  • Executable Path: C:\Program Files\Graylog\sidecar\winlogbeat.exe
  • Execute Parameters (Optional): -c "%s"
  • Parameters for Configuration Validation (Optional): test config -c "%s"
  • Default Template:

    fields_under_root: true
    fields.collector_node_id: ${sidecar.nodeName}
    fields.gl2_source_collector: ${sidecar.nodeId}
    output.logstash:
      hosts: ["192.168.94.37:5044"]
    path:
      data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
      logs: C:\Program Files\Graylog\sidecar\logs
    tags:
      - windows
    winlogbeat:
      event_logs:
        - name: Application
        - name: System
        - name: Security

  • did you see the Sidecar in the Graylog UI?
  • did you create a configuration for your collector?
  • did you assign the configuration to the sidecar?

Hi Jan,

Yes, I could see the sidecar in the UI.

I wasn’t able to create a configuration because it asks for a collector in the drop down. Since there were no default collectors I wasn’t able to complete the configuration.

Once I manually created a winlogbeat collector from looking at a colleague’s computer I was able to add the configuration and start receiving logs.
